Ransomware Attacks on Parkview Medical Center and ExecuPharm

Parkview Medical Center in Pueblo, Colorado, is recovering from a ransomware attack that began on April 21, 2020. Several IT systems were deactivated because of the attack, and the medical center's Meditech electronic medical record system became inoperable. The investigation is ongoing with the help of a third-party computer forensics company.

Parkview Medical Center is working 24/7 to bring its systems back online and recover the encrypted information. Meanwhile, medical services remain available to patients. Personnel used pen and paper to document patient data until online systems could be restored. Despite the loss of access to important systems, the level and quality of patient care provided by the medical center did not change.

The medical center’s spokesperson said that although medical staff are working night and day to respond to the current global pandemic, they are doing their best to bring systems back online as quickly and safely as possible. As of April 29, the hospital’s website still states that systems are not working.

It is unknown whether the ransomware attack was manual or automated, or whether the attackers exfiltrated sensitive data before deploying the ransomware.

Maze Ransomware Attack on ExecuPharm

On March 13, 2020, ExecuPharm, a pharmaceutical firm based in King of Prussia, PA, suffered a Maze ransomware attack and the theft of sensitive data. The threat actors behind Maze ransomware carry out manual attacks and steal information from their victims before encrypting it. They also threaten to make the data public if victims do not pay the ransom, as happened in this attack.

The attackers previously told the press that they would stop ransomware attacks on healthcare institutions during the COVID-19 crisis. However, it seems that pharmaceutical firms are not exempt from their campaigns. In this instance, the information published on the Maze web page includes financial data, records, database backups, and other sensitive information.

According to a statement from ExecuPharm, a top-rated cybersecurity firm is helping with the investigation to determine the nature and extent of the data breach. The company has reported the incident to law enforcement, and all affected individuals were sent notifications.

Besides company data, the attackers also accessed and downloaded the personal information of employees. That data consists of Social Security numbers, financial data, passport numbers, driver's licenses, bank account data, credit card numbers, IBAN/SWIFT numbers, beneficiary information, national insurance numbers, and other sensitive information. The attackers also stole some data pertaining to ExecuPharm's parent firm, Parexel. Affected individuals were offered free identity theft monitoring services for one year.

The firm has restored its servers using backups, and once systems are restored, all information will be recovered from backups as well. Measures are also being put in place to strengthen security against these kinds of attacks. The company deployed multi-factor authentication for remote connections, endpoint security, and detection and response forensics solutions on all systems. Email security measures were also enhanced to block ransomware emails.